package com;
//方法2：创建预状态通道  此方法可以防止SQL注入！！！！！
import com.mysql.cj.protocol.Resultset;
import com.mysql.cj.x.protobuf.MysqlxCrud;

import java.sql.*;

public class Demo4 {
    public static void main(String[] args) {
        Connection connection = null;
        Statement statement = null;
        ResultSet resultSet = null;
        PreparedStatement pps = null;
        try {
            //1.加载驱动
            Class.forName("com.mysql.cj.jdbc.Driver");
            //2.获得链接
            String userName="root";
            String passWord="123456";
            String url="jdbc:mysql://localhost:3306/sql1?serverTimezone=UTC";
            connection = DriverManager.getConnection(url,userName,passWord);
            //3.定义sql,创建状态通道(进行sql语句的发送)

            //方法2：创建预状态通道  此方法可以防止SQL注入！！！！！

            String sql = "select* from manager where uname= ? and password = ?";
            pps = connection.prepareStatement(sql);
            String username = "aa";
            String pass=" '' or 1=1";
            //String pass="123";  //正确密码
            //给占位符赋值  (下标,内容) 从1开始
            pps.setString(1,username);
            pps.setString(2,pass);
            //执行sql
            resultSet = pps.executeQuery();
            if (resultSet.next()){
                System.out.println("登陆成功");
            }else {
                System.out.println("登陆失败");
            }
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            //关闭资源
            try {
                if (resultSet != null){//判断之前是否连接上
                    resultSet.close();
                }
                if(pps != null){
                    pps.close();
                }
                if (connection != null){
                    connection.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }

    }
}
